hedgedoc

Description: Platform to write and share markdown
Version: 1.9.0-1 [community]

Resolved

Group     Affected  Fixed    Severity  Status  Ticket
AVG-2331  1.8.2-1   1.9.0-1  High      Fixed
AVG-1946  1.8.1-1   1.8.2-1  High      Fixed
AVG-1908  1.7.2-3   1.8.0-1  Medium    Fixed
AVG-1876  1.7.2-2   1.7.2-3  Medium    Fixed

Issue           Group     Severity  Remote  Type                    Description
CVE-2021-39175  AVG-2331  High      Yes     Cross-site scripting
    In HedgeDoc versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by...
CVE-2021-29503  AVG-1946  High      Yes     Cross-site scripting
    HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting (XSS) attack using the YAML-metadata of a note. An attacker with write access to a...
CVE-2021-29474  AVG-1876  Medium    Yes     Information disclosure
    A security issue has been found in HedgeDoc before version 1.8.0. An attacker can read arbitrary .md files from the server's filesystem due to an improper...
CVE-2021-21306  AVG-1908  Medium    Yes     Denial of service
    In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone...

Advisories

Date         Advisory      Group     Severity  Type
14 Sep 2021  ASA-202109-1  AVG-2331  High      cross-site scripting
19 May 2021  ASA-202105-9  AVG-1946  High      cross-site scripting